Martin, could you please to check the output of the following command also: echo | openssl s_client -connect download.opensuse.org:443 Victor On Thu, 2022-08-11 at 17:50 +0200, Martin via Uyuni Users wrote:
Hello Julio
uyuni:~ # curl -v https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable/... * Trying 195.135.221.134:443... * Connected to download.opensuse.org (195.135.221.134) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (OUT), TLS alert, unknown CA (560): * SSL certificate problem: unable to get local issuer certificate * Closing connection 0 curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
There seems to be an issue with the CA.
I changed the Repository URL from https to http - now it works.
Thank you
Martin
Am 11.08.22 um 13:35 schrieb Julio Gonzalez via Uyuni Users:
El jueves, 11 de agosto de 2022 13:20:28 (CEST) Martin via Uyuni Users escribió:
Hallo all
I can't connect to uyuni-stable repo:
uyuni:~ # zypper ref -s All services have been refreshed. Repository 'Update repository of openSUSE Backports' is up to date. Repository 'Non-OSS Repository' is up to date. Repository 'Haupt-Repository' is up to date. Repository 'Update repository with updates from SUSE Linux Enterprise 15' is up to date. Repository 'Hauptaktualisierungs-Repository' is up to date. Repository 'Aktualisierungs-Repository (Nicht-Open-Source- Software)' is up to date. Retrieving repository 'uyuni-server-stable' metadata ................................................................. ........... ......................[error] Repository 'uyuni-server-stable' is invalid. [uyuni-server- stable|https://download.opensuse.org/repositories/systemsmanag ement:/Uyuni:/Stable/images/repo/Uyuni-Server-POOL-x86_64- Media1/] Valid metadata not found at specified URL History: - [|] Error trying to read from ' https://download.opensuse.org/repositories/systemsmanagement:/Uyun i:/Stable /images/repo/Uyuni-Server-POOL-x86_64-Media1/' - Download (curl) error for ' https://download.opensuse.org/repositories/systemsmanagement:/Uyun i:/Stable /images/repo/Uyuni-Server-POOL-x86_64-Media1/content': Error code: Curl error 60 Error message: SSL certificate problem: unable to get local issuer certificate
Please check if the URIs defined for this repository are pointing to a valid repository. Skipping repository 'uyuni-server-stable' because of the above error. Some of the repositories have not been refreshed because of an error. curl -v https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/ Stable/images/repo/Uyuni-Server-POOL-x86_64- Media1/repodata/repomd.xml
and inspect the output
The repomd.xml doesn't get you redirected to a mirror, and works fine from here. But curl will give you more info about what's wrong.
In my case I see:
Server certificate: * subject: CN=opensuse.org * start date: Jul 12 00:12:58 2022 GMT * expire date: Oct 10 00:12:57 2022 GMT * subjectAltName: host "download.opensuse.org" matched cert's "*.opensuse.org" * issuer: C=US; O=Let's Encrypt; CN=R3 * SSL certificate verify ok.
Two additional Questions
What I have to do, if the uyuni server IP has changed? AFAIK, as long as you keep the same hostname, you don't need to do anything.
If you also changed the hostname: https://www.uyuni-project.org/uyuni-docs/en/uyuni/administration/ troubleshooting/tshoot-hostname-rename.html
What I have to do, if the IP of a uyuni managed client has changed? AFAI; if you onboarded using the clients hostname (recommended), nothing particular. At some point a refresh will happen and you will see the new IPs at the UI.
But if you onboarded using the IP of the clients, then I think (but I am not sure), that you need to use reactivation keys.
https://www.uyuni-project.org/uyuni-docs/en/uyuni/client-configuration/ activation-keys.html#_reactivation_keys
We move our servers to a new IP Range. As long as you are using hostnames in all cases, chaging IPs should not really big an issue
Best regards
Martin
Am 10.08.22 um 13:07 schrieb Julio Gonzalez via Uyuni Users:
VERY IMPORTANT: 2022.08 requires special procedures if you are not already using Uyuni 2022.06! The configuration files for the proxy on containers also needs to be updated. Make sure you read the release notes before updating!>
We are happy to announce the availability of Uyuni 2022.08. Most openSUSE mirrors should already have 2022.08, but if you do not see it yet, wait a few hours until your local openSUSE mirror is synced.
Athttps://www.uyuni-project.org/pages/stable-version.html you will find all the resources you need to start working with Uyuni 2022.08, including the release notes, documentation, requirements and setup instructions.>
This is the list of highlights for this release:
- Ubuntu 22.04 as client - GPG key handling in Uyuni - Disabling locally defined repositories - Technology Preview: Helm chart to deploy containerized Uyuni Proxy
and Retail Branch Server
Remember that Uyuni will follow a rolling release planning, so the next version will contain bugfixes for this one and any new features. There will be no maintenance of 2022.08
As always, we hope you will enjoy Uyuni 2022.08 and we invite everyone of you to send us your feedback [1] and of course your patches, if you can contribute.
Happy hacking!